Topic: Avast corrupted, doesnt accept reinstall (NOT A WIN32 APP), Windows CRAZY! HELP!


ZStorm

  • Guest
Hiya all

For 24 hours now my pc went crazy. After receiving a zip and executing the file which would be a cracker for Kaspersky Internet Security, sent by a friend thro file transfer on Yahoo Messenger (he said he got that cracker on EMule), things went outta control here.

I had for years NIS 2005 running for firewall and AV. Since its registration expired I kept using it only as firewall (no matter if it couldnt be updated) and installed in July 2007 Avast! 4.7 to run for AV. So far so good. Last week I had NIS completely suspended and no longer running as it reached the max period for being installed without a renewed registration and couldnt be started anymore. So I proceeded to uninstall it using Control Panel and put Windows Firewall to work.

I thought to be ok and safe having WF + Avast! for AV till i started to realise maybe something was passing thro internet without getting the alarms I was used to with NIS. I decided to install another tool to get safer. I already had KIS 6 downloaded on hard drive along with a supposed ok regkey to use on it, then I tried to install it but it didnt work as the key expired (no wonder, I had it with me since 2006) - so the install of KIS never really happened as it was canceled by time it asked for regkey, being the one i had invalid, the process was aborted.

I didnt sleep much over the matter till this last weekend when I checked Kaspersky site and the version I had was not that outta date, then I thought to try for a new cracker or keygen. Yesterday I made the stupid request for an old friend who was online to give me a hand to search those. He passed me 2 links for regkeys I downloaded myself which didnt work as they were old and invalid as the one I had here. He tried then on EMule and sent me a zip file (about 700K) which caught my eye for being damn big for a keygen. Once I unzipped and ran the exe, it asked me which file to crack (pretty weird again). I pointed for KIS exe file and it ran a process which gave me a weird error I dont recall and auto aborted the task. Just after that, I left puter connected and went for lunch. As I can see in my logs, pc restarted by itself something like 1-3 minutes after cracker played and for a coincidence I wasnt on my desk.

When I got back from lunch, I found it a bit weird but didnt give it much credit. Anyway, I decided to go ahead and install KIS for the moment being (with activation later) so to try it while looking for an ok cracker. At the moment it started to run the setups it asked many many times in a row about configuring ports and accesses for Flashget and couple more programs, till it prompted on an alert window a program was trying to change Avast INI file and if I agreed with that or not as it could disable real-time scans and some features of Avast!. At first I said NO NO NO NO... that window popped 27398423789432 times in an eternal loop, then i decided to click YES to see it if it would stop. It didnt. It kept prompting the alert and no matter YES or NO or closing the box, the loop didnt stop.

Im not sure now if I ended KIS by killing the process on task manager and then proceeded to uninstall it from Control Panel (which took many attempts till finally working; for 3 previous attempts it gave an error saying some file was missing so the removal was impossible) OR if system froze and I had to force reboot and when back tried to uninstall it as I said above. Either way, while trying to uninstall KIS and realising things went much weird, I tried to scan that cracker with Avast! and nothing happened. Whole system went very slow, Task Manager was prompting for 100% CPU usage no matter what, I had to reboot many times till getting Control Panel to populate add/remove programs and stuff. Also when trying to connect on internet, for times it wasnt recognising modem or giving errors, when connected it didnt show any stability.

On those reboots my icons on the status bar disappeared almost completely. Programs were not being loaded or if they were, they were not showing on bar and if selected manually to run, some would others wouldnt. I got many errors during the start up about files missing and apps not able to start properly. Avast! icon had disappeared as well and trying to run the application was toll frustrated.

By then, occurred to me to RESTORE the system and so there were many attempts without any results besides one - when I asked for the Restore and it came back saying "Your system couldnt be restored and no changes were applied", the system for some reason put back my start up icons working and the speed of pc was almost normal. For that moment Ive noticed 3 things more:

- WF was ALWAYS disabled on Security Center with the message saying "Security Center is not turned on. Restart or select to switch it on" or similar;
- Avast! icon had disappeared for good even if all the others were back and still no use to try to use it or to uninstall it (it wasnt showing on Control Panel either);
- connection to internet started to work again BUT once Internet Explorer was trying to run, it would make the system really crazy, calling many different Prefetch files, taking over CPU usage, creating gradually dummy files like "14979875.exe" running on processes, forcing the system to collapse if left running that way or for me to switch off power so to be able to restart.

By then was more than clear I had a bug messing with the system or maybe some Windows system file was corrupted and I didnt have any AV to scan pc. Some thunderbolt struck me in the head and I tried once more to remove Avast! 4.7 now by running the install file. It worked that way and from that moment on at least system was being started in a more normal way so I could try run the Avast! Cleaner I had downloaded previously (same version as the available on site) and results were negative (report attached). Second thought was to get a new version of Avast! and scan pc. I found out also even if IE was impossible to run, Firefox was working normally and from there I downloaded Avast! 4.8 and some patch files I searched on MS site for fixing IE7 bugs and stuff. I thought the problem was a bug or corrupted file on system and on IE as when running IE the system started to fetch other programs and files overloading CPU.

Many hours later and many downloads done, I tried to install those files and absolutely NONE worked. The error was the same "not a Win32 application" or "file corrupted". Also not a single online scan worked for me on Firefox (most of them require IE) which would bring a result of infection. By having those messages I came to Avast! forum and I got my chin down when searching for those keywords and getting so many returns. I read lots of topics and downloaded some of the files which were pointed but then again, Im stuck.

Most of applications dont run as they hit on the same wall... "not a Win32 app". The Combo-Fix didn't work as well (report attached) as it crashed the system after prompting it was changing my pc clock (MS Windows report attached). The Symantec solution FXBGLEMO.EXE can't be run as my PC DOESNT ACCEPT TO RUN UNDER SAFE MODE (when I select it, comes a sequel of files like if they were being read or fetched starting with "multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\SYSTEM32\*.*" and then it restarts again and ONLY accepts the normal mode).

I tried also the RegisterBooster and it ran ok. Too bad it gives the result of 747 errors/problems but says it can fix only 15 on trial. When I tried to see the log file, it opened IE and crashed pc as before. I tried from another path from the console and it froze the system. Also I couldnt find the file on my pc so to read it and attach it here.

So, dear new friends, would have someone out there who could have patience to read this novel here and help me out on fixing this? IS THERE A CURE, DOCTOR?  :'(  ???


In advance, Id like to thank anyone who will have patience to read this and even more to the ones who might be interested in helping me.

PS1: Attached goes my pc configuration.
PS2: I downloaded and ran the tool to remove Norton program using SymNRT and it worked ok.
PS3: I have HiJackThis but not installed. I tried to run it but again the same 'not Win32 app' error.
« Last Edit: April 09, 2008, 11:53:38 PM by ZStorm »

ZStorm

  • Guest
I dont know if what Im doing is right but from reading other topics Ive downloaded some tools and finally one worked.

>> Goes attached MAIN and EXTRA log files of Deckards System Scanner (DSS).

SUPERAntiSpyware stucks just after asking for retrieving programs update. It gets CPU usage on the roof and has to be ended on the Task Manager or else it crashes system.

Avast Antirootkit was installed successfully but after 33 minutes, 146.000 objects scanned and 1174 items found, the program crashed and gave it a report to be sent to MS.  :(

NOTE: Files XXX.exe (where X are random numbers) which I saw popping up like a plague on Task Manager while IE was running before (and crashing system) were found by Avast Antirootkit in \WINDOWS\SYSTEM32\DRIVERS\DOWNLD\ folder.

Im completely in the dark here. Please, if somebody can give me a light, Id appreciate. I dont even know if accessing my email or logging in here its safe or not.

Im back on running again antirootkit and other tools, hoping to find at least which malware is it.

Offline rhuds13

  • Jr. Member
  • Posts: 34
  • I'm a llama!
I would say complete format and reinstall. And in future stick to Legal software for your security. Avast Home Free and a Free firewall and a Free Anti-Spyware. No need to use stolen security software these days when free versions are just as good.

wursti

  • Guest
ZStorm, have you tried to restore the system in Safe Mode...? If not, then I would do that next.
For some reason some systems only perform total restore in Safe Mode, e.g. my old desktop...

And if that doesn't help, then I agree with the format and reinstallation.
« Last Edit: April 10, 2008, 08:43:37 AM by wursti »

ZStorm

  • Guest
Spyware Terminator was successfully installed and executed the Fast Spyware Scan. More relevant results were about 2 different trojans:

- TROJAN.DOWNLOADER.BAGLE.FG.2
- TROJAN/TOOSRRR.SRR


>> Log from Terminator scan goes attached.
>> Log from Avast Antirootkit crash report to MS (check my previous post) goes attached.

When asked about what to do with malware, I selected all to go to quarantine but one of the infected files with Bagle couldnt be moved and it was recommended to restart and rescan under safe mode.

ZStorm, have you tried to restore the system in Safe Mode...? If not, then I would do that next.

Thing is... I dunno why but SAFE MODE IS NOT WORKING at all. Windows only let me in on normal mode.

If theres anybody there who could tell me how to manage to get into safe mode, Id be pretty much grateful.

I would say complete format and reinstall.

And if that doesn't help, then I agree with the format and reinstallation.

In fact, my pc needs a rebuilding for 'yesterday' as the last one was done about 4 years ago. Theres a tiny detail which stopped or at the very least not encouraged me at all to do so... the fact that the only option I have since forever for internet connection here is DIAL UP :( . 4 years back was already 'painful' to rebuild a XP Pro under such speed and took me about a week only to tie up Windows. Go figure about the rest of installs and updates. Was a nightmare before and nowadays files went bigger and stuff... I believe it would take me 2-4 weeks to get system running with my programs adjusted and updated.

That said, I hope you all can understand WHY Im insisting so much on trying to fix whatever is I got here, not only cuz of the long heavy work to rebuild under dialup but as well I aint comfort about doing a backup at this point as I dont know the level of risks and damages caused to other files (and which files) by those malwares.

rhuds13 and wursti, Id like to thank you both for your time and replies, you were very kind and nice.

I hope there will be other replies not only from you but from others who could give me a hand from this new status Im on now.

PS: Another interesting detail. Avast! 4.8 which was installed previously but wasnt being loaded at all (tho files where installed), after this scan/reboot of Terminator, it appeared back on tray as also running. At the moment its generating VRDB so I can proceed with other tasks when its done later on.

Thank you all and in case you have some procedure or information to help me out on this marathon, it will be very welcomed.

ZStorm

  • Guest
And in future stick to Legal software for your security. Avast Home Free and a Free firewall and a Free Anti-Spyware. No need to use stolen security software these days when free versions are just as good.

rhuds13, I agree with you when you say nowadays theres on the market free and good softwares for security but its a recent reality. Couple years ago, most of products were only for purchase requiring a good $ investment (for personal use were very expensive indeed) and the free ones didnt reach the level of competence they achieved today. I aint proud of having used unlicensed software but it was more a matter of opportunity and necessity rather than an ideological one, not to mention time available to check out for what came out for free usage on this mutable market.

I strongly believe software companies shall be profitable - but not abusive. Behind those softwares there are lots of ppl who work/need/deserve to be well paid for their work but then again, it doesnt give the right for certain companies to get prices on the roof and not affordable for home usage.

I think the Software/IT industry already has been learning to understand the market and its needs/behaviour. Mass range apps cant be expensive and 'stiff' (i.e., Windows x Linux; internet security packs had their prices much lower if compared to 1-2 years ago as the usage of internet and need for security tools increased in an exponential rate; increased access/usage of digital medias also internet access from all kinds and levels of people all over world etc. etc.). The way of life is changing, so I hope the market to keep following it  :)

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Couple of things:
- You did NOT uninstall Norton completely and that can give problems
- You were trying to use software illegally
- NEVER put two AVs on one system, that is asking for problems.

- Remove NAV completely
How to completely remove Norton (Symantec)
- Remove Kaspersky completely
- Repair Avast! and run a boot-time scan
- Stop using software illegally

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
You could try downloading and running a full scan with cureit http://www.freedrweb.com/cureit/ if it will run. It's standalone, no install needed, runs from the download location, considered pretty effective. It might give you back enough functionality to make a full fix easier. It's around 9Mb. Run it as soon as it's downloaded- it has no updater.

I guess you've tried the "push f8" trick during reboot to get into safe? If that doesn't work, run msconfig and select "safeboot" on the "boot ini" tab. Click OK. Then restart.
I suspect the safe option may have been disabled by the malware.
If you can get into safe, run whatever scan you can, quarantine anything found. If you can install and run HijackThis that would be good.

It's possible the files inserted by Avast into the chest during the VRDB action could be corrupt, and useless. Don't know that though, but I wouldn't rely on them. If you can get this fixed and the system clean I'd clear the chest and have it rebuild anew, just in case.
Windows 10,Windows Firewall,Firefox w/Adblock.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
PS, sometime soon it would be a good idea to run a cleanup utility. Ccleaner if you have it, the inbuilt windows disk cleanup if you don't.
This will just get rid of temporary files etc, and reduce the time for scanning. Might take some malware files with it, by clearing the temp internet files/java cache etc.
It looks like quite a load of malware you've got. All for one keygen. Tsk Tsk. (I have no idea why people do this. Russian roulette.)
Anyway, good luck.

Windows 10,Windows Firewall,Firefox w/Adblock.

Offline Maxx_original

  • Avast team
  • Super Poster
  • Posts: 1479
it's a Beagle/Bagle infection... oldman and essexboy have huge skills in manual removal of this virus... hopefully they can guide you (or you can find other Beagle-related threads here)... i must advise you to install version 4.8 of avast after cleaning, because it is bullet-proof in the Beagle case.

Offline rhuds13

  • Jr. Member
  • Posts: 34
  • I'm a llama!
A few weeks back I worked on a system with the Beagle and Avast could not remove all traces even in boot scan.  Finally had to reformat.  But now with Avast 4.8 it may be able to kill it.  If you know someone with a high speed connection perhaps they would let you use it to get all your updates. Then use something like Norton Ghost to image your system on DVD for future installs.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • Posts: 88854
  • No support PMs thanks
It's not so much 4.8 being able to kill bagel/beagle (there will be variants it might not detect), but to stop bagel/beagle killing the AV (avast self-defence module) so that it can still do its work.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

ZStorm

  • Guest
Hi guys

First of all, thanks to all of you for your attention and posts. All has been of much help.

After my last post, I went running Avast! 4.8 updated (lasted for more than 9 hours) and found away many more malware - all moved to chest. NOTE: this first scan was done on normal mode as well not a boot-time one as I couldnt find where to select that option at first.

Was already late here when it ended and I didnt have any strength to set anything else besides giving a look in here and checking for news. I was very glad to have your replies and those helped and help me on my marathon here. Thanks to information here, I succeeded in running another Avast! scan but this time under safe mode and a boot-time one. Logs attached.

- You did NOT uninstall Norton completely and that can give problems
- Remove nav completely
- Remove Kaspersky completely

I did run the Norton Removal Tool (saw it on some other topic here and thought it was a good thing to do) 2 days ago. It downloaded ok, ran ok and said in the end it was removed. But I suppose something didnt work that good as I could see on logs I posted previously remnants of NIS on my system. Following your advice, I downloaded it again and ran it again, getting the same result.

I found the Kaspersky Removal Tool (http://support.kaspersky.com/faq/?qid=193239279) and its instructions ask to run it under SAFE MODE. Then what Im gonna do is to run again Norton but on safe mode as well I will do with Kaspersky.

You could try downloading and running a full scan with cureit.

...run msconfig and select "safeboot on the "boot ini" tab.

... run HijackThis that would be good.

It's possible the files inserted by Avast into the chest during the VRDB action could be corrupt, and useless. Don't know that though, but I wouldn't rely on them. If you can get this fixed and the system clean I'd clear the chest and have it rebuild anew, just in case.

Cureit was downloaded and I will run it on safe mode. Next thing on my to-do list.

Thanks a lot for the hint of MSCONFIG. Safe mode is working that way. :)

Hijackthis was downloaded as well and all times I will get something running/scanning I will get a Hijackthis log after.

Im sorry but Im not sure I got what you meant on your last paragraph. I ran VRDB yesterday morning as soon as I got Avast! 4.8 repaired and updated. Of course it was empty by then. Are you refering to the 3 system files VRDB puts on chest to be corrupted?

PS, sometime soon it would be a good idea to run a cleanup utility. Ccleaner if you have it,

It looks like quite a load of malware you've got. All for one keygen.

CCleaner downloaded and I ran it already  :) . Will do it again on safe mode before and after running the other applications.

Ive searched for info about the Beagle (http://www.symantec.com/security_response/writeup.jsp?docid=2004-031310-3624-99&tabid=2) and from what I read they say its spread by email. If thats right, I didnt get that damn keygen by email but from a file transfer on Yahoo Messenger. Also I scanned the files many times and all results were clear. I wonder then if and how I got this malware and the rest I found so far.  ???  Btw, I only use web-based mails.

it's a Beagle/Bagle infection... oldman and essexboy got a huge skills for a manual removing of this virus... hopefully they can guide you (or you can find another Beagle related threads here)... i must advice you to

Besides Beagle I got other trojans and malware here.  :(  I wonder if they are related somehow.

Yeah, oldman and essexboy seem to be great with Beagle removing. Actually I read some of their posts on other threads even before I registered as a forum member. Thanks to their information (also some from Tech and w0mbat) on other cases I managed to download and run some tools/tasks which let me at least to get system stable enough to run spyware (Spyware Terminator was the blessed tool which was the only that would work when others like Combofix, Super AntiSpyware, Avast! Antirootkit, HijackThis, Deckards System Scanner, Registry Booster were impossible to install or to run without crashing system).

Id love to have those members help but I dunno how to do it as I cant send PMs to anyone (why is that, btw?) and their profiles dont give any option for contact. I would be very thankful if you could give them a nudge about my thread as you are an Avast Team Member ;D

A few weeks back I worked on a system with the Beagle and Avast could not remove all traces even in boot scan.  Finally had to reformat.  But now with Avast 4.8 it may be able to kill it. 

It's not so much 4.8 being able to kill bagel/beagle (there will be variants it might not detect), but to stop bagel/beagle killing the AV (avast self-defence module) so that it can still do its work.

After all, can Beagle be killed or not? Can Avast! 4.8 take care of the job or not?


Attached goes log files from Avast scans plus HijackThis ones so theres information about the malwares found so far.

I have few questions...
- may I uninstall the previous Java updates? I have many old ones on my system, they are huge and take ages to scan. I dunno if they are necessary or not.
- Why IE7 still crashes my system everytime its started, even if offline?
- Is Being connected to internet a threat as I have all those malwares here and any firewall on? Is it safe to access my webmail and even login services, like here on this forum?
- I cant find an option or file containing the reports/logs from Avast! 4.8 scans. Is it only for Pro version?

Ok, thats it for now. Im gonna crawl to my cradle as Im working on this since monday, sleeping less than 5 hours per day and Im quite dead.

By morning I will perform the safe mode scans/tasks and will report them asap.

Have all a great weekend.

ZStorm

  • Guest
Last HijackThis log of the day and after Ccleaner. After that no further tasks/scans were done.

ZStorm

  • Guest
OOPSS! I selected from MSCONFIG to run on SAFE MODE, like Tarq suggested. It worked yesterday when I selected also to run a boot-time scan on Avast! 4.8. It worked fine for the scan and safe mode, as I had to switch back to normal mode when back to windows after boot-time scan.

I performed others tasks after that and before going to sleep set again the MSCONFIG to run next on safe mode. Today when I turned on pc, it didnt allow me to start system on safe, rebooting it and getting me back to the options screen to select which kinda boot to run. Before it would let me select NORMAL and then load system but now it doesnt. I suppose by changing the mode on MSCONFIG makes the boot to keep on loop and not accept the normal.

How can I revert that and log at least on normal mode?